Search in sources :

Example 26 with RequestedSecurityTokenType

use of org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType in project cxf by apache.

the class IssueSamlUnitTest method testIssueMultipleSamlTokens.

/**
 * Test to successfully issue multiple Saml tokens. It request a SAML 1.1 and SAML 2 token.
 */
@org.junit.Test
public void testIssueMultipleSamlTokens() throws Exception {
    TokenIssueOperation issueOperation = new TokenIssueOperation();
    // Add Token Provider
    List<TokenProvider> providerList = new ArrayList<>();
    providerList.add(new SAMLTokenProvider());
    issueOperation.setTokenProviders(providerList);
    // Add Service
    ServiceMBean service = new StaticService();
    service.setEndpoints(Collections.singletonList("http://dummy-service.com/dummy"));
    issueOperation.setServices(Collections.singletonList(service));
    // Add STSProperties object
    STSPropertiesMBean stsProperties = new StaticSTSProperties();
    Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
    stsProperties.setEncryptionCrypto(crypto);
    stsProperties.setSignatureCrypto(crypto);
    stsProperties.setEncryptionUsername("myservicekey");
    stsProperties.setSignatureUsername("mystskey");
    stsProperties.setCallbackHandler(new PasswordCallbackHandler());
    stsProperties.setIssuer("STS");
    issueOperation.setStsProperties(stsProperties);
    // Mock up a request
    RequestSecurityTokenCollectionType requestCollection = new RequestSecurityTokenCollectionType();
    // SAML 1.1 request
    RequestSecurityTokenType request = new RequestSecurityTokenType();
    JAXBElement<String> tokenType = new JAXBElement<String>(QNameConstants.TOKEN_TYPE, String.class, WSS4JConstants.WSS_SAML_TOKEN_TYPE);
    request.getAny().add(tokenType);
    request.getAny().add(createAppliesToElement("http://dummy-service.com/dummy"));
    requestCollection.getRequestSecurityToken().add(request);
    // SAML 2 request
    request = new RequestSecurityTokenType();
    JAXBElement<String> tokenType2 = new JAXBElement<String>(QNameConstants.TOKEN_TYPE, String.class, WSS4JConstants.WSS_SAML2_TOKEN_TYPE);
    request.getAny().add(tokenType2);
    request.getAny().add(createAppliesToElement("http://dummy-service.com/dummy"));
    requestCollection.getRequestSecurityToken().add(request);
    // Mock up message context
    MessageImpl msg = new MessageImpl();
    WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
    Principal principal = new CustomTokenPrincipal("alice");
    msgCtx.put(SecurityContext.class.getName(), createSecurityContext(principal));
    // Issue a token
    RequestSecurityTokenResponseCollectionType response = issueOperation.issue(requestCollection, principal, msgCtx);
    List<RequestSecurityTokenResponseType> securityTokenResponse = response.getRequestSecurityTokenResponse();
    assertEquals(securityTokenResponse.size(), 2);
    // Test the generated tokens.
    Element assertion = null;
    for (Object tokenObject : securityTokenResponse.get(0).getAny()) {
        if (tokenObject instanceof JAXBElement<?> && REQUESTED_SECURITY_TOKEN.equals(((JAXBElement<?>) tokenObject).getName())) {
            RequestedSecurityTokenType rstType = (RequestedSecurityTokenType) ((JAXBElement<?>) tokenObject).getValue();
            assertion = (Element) rstType.getAny();
            break;
        }
    }
    assertNotNull(assertion);
    String tokenString = DOM2Writer.nodeToString(assertion);
    assertTrue(tokenString.contains("AttributeStatement"));
    assertTrue(tokenString.contains("alice"));
    assertTrue(tokenString.contains(SAML1Constants.CONF_BEARER));
    for (Object tokenObject : securityTokenResponse.get(1).getAny()) {
        if (tokenObject instanceof JAXBElement<?> && REQUESTED_SECURITY_TOKEN.equals(((JAXBElement<?>) tokenObject).getName())) {
            RequestedSecurityTokenType rstType = (RequestedSecurityTokenType) ((JAXBElement<?>) tokenObject).getValue();
            assertion = (Element) rstType.getAny();
            break;
        }
    }
    assertNotNull(assertion);
    tokenString = DOM2Writer.nodeToString(assertion);
    assertTrue(tokenString.contains("AttributeStatement"));
    assertTrue(tokenString.contains("alice"));
    assertTrue(tokenString.contains(SAML2Constants.CONF_BEARER));
}
Also used : ServiceMBean(org.apache.cxf.sts.service.ServiceMBean) RequestSecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType) JAXBElement(javax.xml.bind.JAXBElement) Element(org.w3c.dom.Element) ArrayList(java.util.ArrayList) RequestSecurityTokenResponseType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType) StaticSTSProperties(org.apache.cxf.sts.StaticSTSProperties) RequestedSecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType) StaticService(org.apache.cxf.sts.service.StaticService) RequestSecurityTokenResponseCollectionType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseCollectionType) CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal) TokenProvider(org.apache.cxf.sts.token.provider.TokenProvider) SAMLTokenProvider(org.apache.cxf.sts.token.provider.SAMLTokenProvider) PasswordCallbackHandler(org.apache.cxf.sts.common.PasswordCallbackHandler) RequestSecurityTokenCollectionType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenCollectionType) JAXBElement(javax.xml.bind.JAXBElement) Crypto(org.apache.wss4j.common.crypto.Crypto) SAMLTokenProvider(org.apache.cxf.sts.token.provider.SAMLTokenProvider) STSPropertiesMBean(org.apache.cxf.sts.STSPropertiesMBean) WrappedMessageContext(org.apache.cxf.jaxws.context.WrappedMessageContext) SecurityContext(org.apache.cxf.security.SecurityContext) MessageImpl(org.apache.cxf.message.MessageImpl) CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal) Principal(java.security.Principal)

Example 27 with RequestedSecurityTokenType

use of org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType in project cxf by apache.

the class RenewSamlUnitTest method testRenewExpiredSaml1Token.

/**
 * Test to successfully renew an expired Saml 1.1 token.
 */
@org.junit.Test
public void testRenewExpiredSaml1Token() throws Exception {
    TokenRenewOperation renewOperation = new TokenRenewOperation();
    renewOperation.setTokenStore(tokenStore);
    // Add Token Renewer
    List<TokenRenewer> renewerList = new ArrayList<>();
    TokenRenewer tokenRenewer = new SAMLTokenRenewer();
    tokenRenewer.setVerifyProofOfPossession(false);
    tokenRenewer.setAllowRenewalAfterExpiry(true);
    renewerList.add(tokenRenewer);
    renewOperation.setTokenRenewers(renewerList);
    // Add Token Validator
    List<TokenValidator> validatorList = new ArrayList<>();
    validatorList.add(new SAMLTokenValidator());
    renewOperation.setTokenValidators(validatorList);
    // Add STSProperties object
    STSPropertiesMBean stsProperties = new StaticSTSProperties();
    Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
    stsProperties.setEncryptionCrypto(crypto);
    stsProperties.setSignatureCrypto(crypto);
    stsProperties.setEncryptionUsername("myservicekey");
    stsProperties.setSignatureUsername("mystskey");
    stsProperties.setCallbackHandler(new PasswordCallbackHandler());
    stsProperties.setIssuer("STS");
    renewOperation.setStsProperties(stsProperties);
    // Mock up a request
    RequestSecurityTokenType request = new RequestSecurityTokenType();
    JAXBElement<String> tokenType = new JAXBElement<String>(QNameConstants.TOKEN_TYPE, String.class, STSConstants.BEARER_KEY_KEYTYPE);
    request.getAny().add(tokenType);
    // Get a SAML Token via the SAMLTokenProvider
    CallbackHandler callbackHandler = new PasswordCallbackHandler();
    Element samlToken = createSAMLAssertion(WSS4JConstants.WSS_SAML_TOKEN_TYPE, crypto, "mystskey", callbackHandler, 50, true, true);
    // Sleep to expire the token
    Thread.sleep(100);
    Document doc = samlToken.getOwnerDocument();
    samlToken = (Element) doc.appendChild(samlToken);
    RenewTargetType renewTarget = new RenewTargetType();
    renewTarget.setAny(samlToken);
    JAXBElement<RenewTargetType> renewTargetType = new JAXBElement<RenewTargetType>(QNameConstants.RENEW_TARGET, RenewTargetType.class, renewTarget);
    request.getAny().add(renewTargetType);
    // Mock up message context
    MessageImpl msg = new MessageImpl();
    WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
    Principal principal = new CustomTokenPrincipal("alice");
    msgCtx.put(SecurityContext.class.getName(), createSecurityContext(principal));
    // Renew a token
    RequestSecurityTokenResponseType response = renewOperation.renew(request, principal, msgCtx);
    assertTrue(response != null && response.getAny() != null && !response.getAny().isEmpty());
    // Test the generated token.
    Element assertion = null;
    for (Object tokenObject : response.getAny()) {
        if (tokenObject instanceof JAXBElement<?> && REQUESTED_SECURITY_TOKEN.equals(((JAXBElement<?>) tokenObject).getName())) {
            RequestedSecurityTokenType rstType = (RequestedSecurityTokenType) ((JAXBElement<?>) tokenObject).getValue();
            assertion = (Element) rstType.getAny();
            break;
        }
    }
    assertNotNull(assertion);
    String tokenString = DOM2Writer.nodeToString(assertion);
    assertTrue(tokenString.contains("AttributeStatement"));
    assertTrue(tokenString.contains("alice"));
    assertTrue(tokenString.contains(SAML1Constants.CONF_BEARER));
}
Also used : CallbackHandler(javax.security.auth.callback.CallbackHandler) PasswordCallbackHandler(org.apache.cxf.sts.common.PasswordCallbackHandler) RequestSecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType) JAXBElement(javax.xml.bind.JAXBElement) Element(org.w3c.dom.Element) ArrayList(java.util.ArrayList) RequestSecurityTokenResponseType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType) StaticSTSProperties(org.apache.cxf.sts.StaticSTSProperties) RequestedSecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType) Document(org.w3c.dom.Document) CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal) TokenValidator(org.apache.cxf.sts.token.validator.TokenValidator) SAMLTokenValidator(org.apache.cxf.sts.token.validator.SAMLTokenValidator) SAMLTokenRenewer(org.apache.cxf.sts.token.renewer.SAMLTokenRenewer) PasswordCallbackHandler(org.apache.cxf.sts.common.PasswordCallbackHandler) TokenRenewer(org.apache.cxf.sts.token.renewer.TokenRenewer) SAMLTokenRenewer(org.apache.cxf.sts.token.renewer.SAMLTokenRenewer) JAXBElement(javax.xml.bind.JAXBElement) Crypto(org.apache.wss4j.common.crypto.Crypto) STSPropertiesMBean(org.apache.cxf.sts.STSPropertiesMBean) RenewTargetType(org.apache.cxf.ws.security.sts.provider.model.RenewTargetType) WrappedMessageContext(org.apache.cxf.jaxws.context.WrappedMessageContext) SecurityContext(org.apache.cxf.security.SecurityContext) SAMLTokenValidator(org.apache.cxf.sts.token.validator.SAMLTokenValidator) MessageImpl(org.apache.cxf.message.MessageImpl) CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal) Principal(java.security.Principal)

Example 28 with RequestedSecurityTokenType

use of org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType in project cxf by apache.

the class RenewSamlUnitTest method testRenewExpiredSaml2TokenNoCacheNoTokenType.

/**
 * Test to successfully renew an expired Saml 2 token and sending no TokenType.
 */
@org.junit.Test
public void testRenewExpiredSaml2TokenNoCacheNoTokenType() throws Exception {
    TokenRenewOperation renewOperation = new TokenRenewOperation();
    renewOperation.setTokenStore(tokenStore);
    // Add Token Renewer
    List<TokenRenewer> renewerList = new ArrayList<>();
    TokenRenewer tokenRenewer = new SAMLTokenRenewer();
    tokenRenewer.setVerifyProofOfPossession(false);
    tokenRenewer.setAllowRenewalAfterExpiry(true);
    renewerList.add(tokenRenewer);
    renewOperation.setTokenRenewers(renewerList);
    // Add Token Validator
    List<TokenValidator> validatorList = new ArrayList<>();
    validatorList.add(new SAMLTokenValidator());
    renewOperation.setTokenValidators(validatorList);
    // Add STSProperties object
    STSPropertiesMBean stsProperties = new StaticSTSProperties();
    Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
    stsProperties.setEncryptionCrypto(crypto);
    stsProperties.setSignatureCrypto(crypto);
    stsProperties.setEncryptionUsername("myservicekey");
    stsProperties.setSignatureUsername("mystskey");
    stsProperties.setCallbackHandler(new PasswordCallbackHandler());
    stsProperties.setIssuer("STS");
    renewOperation.setStsProperties(stsProperties);
    // Mock up a request
    RequestSecurityTokenType request = new RequestSecurityTokenType();
    // Get a SAML Token via the SAMLTokenProvider
    CallbackHandler callbackHandler = new PasswordCallbackHandler();
    Element samlToken = createSAMLAssertion(WSS4JConstants.WSS_SAML2_TOKEN_TYPE, crypto, "mystskey", callbackHandler, 50, true, true);
    // Sleep to expire the token
    Thread.sleep(100);
    Document doc = samlToken.getOwnerDocument();
    samlToken = (Element) doc.appendChild(samlToken);
    RenewTargetType renewTarget = new RenewTargetType();
    renewTarget.setAny(samlToken);
    JAXBElement<RenewTargetType> renewTargetType = new JAXBElement<RenewTargetType>(QNameConstants.RENEW_TARGET, RenewTargetType.class, renewTarget);
    request.getAny().add(renewTargetType);
    // Mock up message context
    MessageImpl msg = new MessageImpl();
    WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
    Principal principal = new CustomTokenPrincipal("alice");
    msgCtx.put(SecurityContext.class.getName(), createSecurityContext(principal));
    // Renew a token
    RequestSecurityTokenResponseType response = renewOperation.renew(request, principal, msgCtx);
    assertTrue(response != null && response.getAny() != null && !response.getAny().isEmpty());
    // Test the generated token.
    Element assertion = null;
    for (Object tokenObject : response.getAny()) {
        if (tokenObject instanceof JAXBElement<?> && REQUESTED_SECURITY_TOKEN.equals(((JAXBElement<?>) tokenObject).getName())) {
            RequestedSecurityTokenType rstType = (RequestedSecurityTokenType) ((JAXBElement<?>) tokenObject).getValue();
            assertion = (Element) rstType.getAny();
            break;
        }
    }
    assertNotNull(assertion);
    String tokenString = DOM2Writer.nodeToString(assertion);
    assertTrue(tokenString.contains("AttributeStatement"));
    assertTrue(tokenString.contains("alice"));
    assertTrue(tokenString.contains(SAML2Constants.CONF_BEARER));
}
Also used : CallbackHandler(javax.security.auth.callback.CallbackHandler) PasswordCallbackHandler(org.apache.cxf.sts.common.PasswordCallbackHandler) RequestSecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType) JAXBElement(javax.xml.bind.JAXBElement) Element(org.w3c.dom.Element) ArrayList(java.util.ArrayList) RequestSecurityTokenResponseType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType) StaticSTSProperties(org.apache.cxf.sts.StaticSTSProperties) RequestedSecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType) Document(org.w3c.dom.Document) CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal) TokenValidator(org.apache.cxf.sts.token.validator.TokenValidator) SAMLTokenValidator(org.apache.cxf.sts.token.validator.SAMLTokenValidator) SAMLTokenRenewer(org.apache.cxf.sts.token.renewer.SAMLTokenRenewer) PasswordCallbackHandler(org.apache.cxf.sts.common.PasswordCallbackHandler) TokenRenewer(org.apache.cxf.sts.token.renewer.TokenRenewer) SAMLTokenRenewer(org.apache.cxf.sts.token.renewer.SAMLTokenRenewer) JAXBElement(javax.xml.bind.JAXBElement) Crypto(org.apache.wss4j.common.crypto.Crypto) STSPropertiesMBean(org.apache.cxf.sts.STSPropertiesMBean) RenewTargetType(org.apache.cxf.ws.security.sts.provider.model.RenewTargetType) WrappedMessageContext(org.apache.cxf.jaxws.context.WrappedMessageContext) SecurityContext(org.apache.cxf.security.SecurityContext) SAMLTokenValidator(org.apache.cxf.sts.token.validator.SAMLTokenValidator) MessageImpl(org.apache.cxf.message.MessageImpl) CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal) Principal(java.security.Principal)

Example 29 with RequestedSecurityTokenType

use of org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType in project cxf by apache.

the class RenewSamlUnitTest method testRenewValidSaml1Token.

/**
 * Test to successfully renew a valid Saml 1.1 token
 */
@org.junit.Test
public void testRenewValidSaml1Token() throws Exception {
    TokenRenewOperation renewOperation = new TokenRenewOperation();
    renewOperation.setTokenStore(tokenStore);
    // Add Token Renewer
    List<TokenRenewer> renewerList = new ArrayList<>();
    TokenRenewer tokenRenewer = new SAMLTokenRenewer();
    tokenRenewer.setVerifyProofOfPossession(false);
    renewerList.add(tokenRenewer);
    renewOperation.setTokenRenewers(renewerList);
    // Add Token Validator
    List<TokenValidator> validatorList = new ArrayList<>();
    validatorList.add(new SAMLTokenValidator());
    renewOperation.setTokenValidators(validatorList);
    // Add STSProperties object
    STSPropertiesMBean stsProperties = new StaticSTSProperties();
    Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
    stsProperties.setEncryptionCrypto(crypto);
    stsProperties.setSignatureCrypto(crypto);
    stsProperties.setEncryptionUsername("myservicekey");
    stsProperties.setSignatureUsername("mystskey");
    stsProperties.setCallbackHandler(new PasswordCallbackHandler());
    stsProperties.setIssuer("STS");
    renewOperation.setStsProperties(stsProperties);
    // Mock up a request
    RequestSecurityTokenType request = new RequestSecurityTokenType();
    JAXBElement<String> tokenType = new JAXBElement<String>(QNameConstants.TOKEN_TYPE, String.class, STSConstants.BEARER_KEY_KEYTYPE);
    request.getAny().add(tokenType);
    // Get a SAML Token via the SAMLTokenProvider
    CallbackHandler callbackHandler = new PasswordCallbackHandler();
    Element samlToken = createSAMLAssertion(WSS4JConstants.WSS_SAML_TOKEN_TYPE, crypto, "mystskey", callbackHandler, 50000, true, false);
    Document doc = samlToken.getOwnerDocument();
    samlToken = (Element) doc.appendChild(samlToken);
    RenewTargetType renewTarget = new RenewTargetType();
    renewTarget.setAny(samlToken);
    JAXBElement<RenewTargetType> renewTargetType = new JAXBElement<RenewTargetType>(QNameConstants.RENEW_TARGET, RenewTargetType.class, renewTarget);
    request.getAny().add(renewTargetType);
    // Mock up message context
    MessageImpl msg = new MessageImpl();
    WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
    Principal principal = new CustomTokenPrincipal("alice");
    msgCtx.put(SecurityContext.class.getName(), createSecurityContext(principal));
    // Renew a token
    RequestSecurityTokenResponseType response = renewOperation.renew(request, principal, msgCtx);
    assertTrue(response != null && response.getAny() != null && !response.getAny().isEmpty());
    // Test the generated token.
    Element assertion = null;
    for (Object tokenObject : response.getAny()) {
        if (tokenObject instanceof JAXBElement<?> && REQUESTED_SECURITY_TOKEN.equals(((JAXBElement<?>) tokenObject).getName())) {
            RequestedSecurityTokenType rstType = (RequestedSecurityTokenType) ((JAXBElement<?>) tokenObject).getValue();
            assertion = (Element) rstType.getAny();
            break;
        }
    }
    assertNotNull(assertion);
    String tokenString = DOM2Writer.nodeToString(assertion);
    assertTrue(tokenString.contains("AttributeStatement"));
    assertTrue(tokenString.contains("alice"));
    assertTrue(tokenString.contains(SAML1Constants.CONF_BEARER));
}
Also used : CallbackHandler(javax.security.auth.callback.CallbackHandler) PasswordCallbackHandler(org.apache.cxf.sts.common.PasswordCallbackHandler) RequestSecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType) JAXBElement(javax.xml.bind.JAXBElement) Element(org.w3c.dom.Element) ArrayList(java.util.ArrayList) RequestSecurityTokenResponseType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType) StaticSTSProperties(org.apache.cxf.sts.StaticSTSProperties) RequestedSecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType) Document(org.w3c.dom.Document) CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal) TokenValidator(org.apache.cxf.sts.token.validator.TokenValidator) SAMLTokenValidator(org.apache.cxf.sts.token.validator.SAMLTokenValidator) SAMLTokenRenewer(org.apache.cxf.sts.token.renewer.SAMLTokenRenewer) PasswordCallbackHandler(org.apache.cxf.sts.common.PasswordCallbackHandler) TokenRenewer(org.apache.cxf.sts.token.renewer.TokenRenewer) SAMLTokenRenewer(org.apache.cxf.sts.token.renewer.SAMLTokenRenewer) JAXBElement(javax.xml.bind.JAXBElement) Crypto(org.apache.wss4j.common.crypto.Crypto) STSPropertiesMBean(org.apache.cxf.sts.STSPropertiesMBean) RenewTargetType(org.apache.cxf.ws.security.sts.provider.model.RenewTargetType) WrappedMessageContext(org.apache.cxf.jaxws.context.WrappedMessageContext) SecurityContext(org.apache.cxf.security.SecurityContext) SAMLTokenValidator(org.apache.cxf.sts.token.validator.SAMLTokenValidator) MessageImpl(org.apache.cxf.message.MessageImpl) CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal) Principal(java.security.Principal)

Example 30 with RequestedSecurityTokenType

use of org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType in project cxf by apache.

the class RenewSamlUnitTest method testRenewExpiredSaml2Token.

/**
 * Test to successfully renew an expired Saml 2 token.
 */
@org.junit.Test
public void testRenewExpiredSaml2Token() throws Exception {
    TokenRenewOperation renewOperation = new TokenRenewOperation();
    renewOperation.setTokenStore(tokenStore);
    // Add Token Renewer
    List<TokenRenewer> renewerList = new ArrayList<>();
    TokenRenewer tokenRenewer = new SAMLTokenRenewer();
    tokenRenewer.setVerifyProofOfPossession(false);
    tokenRenewer.setAllowRenewalAfterExpiry(true);
    renewerList.add(tokenRenewer);
    renewOperation.setTokenRenewers(renewerList);
    // Add Token Validator
    List<TokenValidator> validatorList = new ArrayList<>();
    validatorList.add(new SAMLTokenValidator());
    renewOperation.setTokenValidators(validatorList);
    // Add STSProperties object
    STSPropertiesMBean stsProperties = new StaticSTSProperties();
    Crypto crypto = CryptoFactory.getInstance(getEncryptionProperties());
    stsProperties.setEncryptionCrypto(crypto);
    stsProperties.setSignatureCrypto(crypto);
    stsProperties.setEncryptionUsername("myservicekey");
    stsProperties.setSignatureUsername("mystskey");
    stsProperties.setCallbackHandler(new PasswordCallbackHandler());
    stsProperties.setIssuer("STS");
    renewOperation.setStsProperties(stsProperties);
    // Mock up a request
    RequestSecurityTokenType request = new RequestSecurityTokenType();
    JAXBElement<String> tokenType = new JAXBElement<String>(QNameConstants.TOKEN_TYPE, String.class, STSConstants.BEARER_KEY_KEYTYPE);
    request.getAny().add(tokenType);
    // Get a SAML Token via the SAMLTokenProvider
    CallbackHandler callbackHandler = new PasswordCallbackHandler();
    Element samlToken = createSAMLAssertion(WSS4JConstants.WSS_SAML2_TOKEN_TYPE, crypto, "mystskey", callbackHandler, 50, true, true);
    // Sleep to expire the token
    Thread.sleep(100);
    Document doc = samlToken.getOwnerDocument();
    samlToken = (Element) doc.appendChild(samlToken);
    RenewTargetType renewTarget = new RenewTargetType();
    renewTarget.setAny(samlToken);
    JAXBElement<RenewTargetType> renewTargetType = new JAXBElement<RenewTargetType>(QNameConstants.RENEW_TARGET, RenewTargetType.class, renewTarget);
    request.getAny().add(renewTargetType);
    // Mock up message context
    MessageImpl msg = new MessageImpl();
    WrappedMessageContext msgCtx = new WrappedMessageContext(msg);
    Principal principal = new CustomTokenPrincipal("alice");
    msgCtx.put(SecurityContext.class.getName(), createSecurityContext(principal));
    // Renew a token
    RequestSecurityTokenResponseType response = renewOperation.renew(request, principal, msgCtx);
    assertTrue(response != null && response.getAny() != null && !response.getAny().isEmpty());
    // Test the generated token.
    Element assertion = null;
    for (Object tokenObject : response.getAny()) {
        if (tokenObject instanceof JAXBElement<?> && REQUESTED_SECURITY_TOKEN.equals(((JAXBElement<?>) tokenObject).getName())) {
            RequestedSecurityTokenType rstType = (RequestedSecurityTokenType) ((JAXBElement<?>) tokenObject).getValue();
            assertion = (Element) rstType.getAny();
            break;
        }
    }
    assertNotNull(assertion);
    String tokenString = DOM2Writer.nodeToString(assertion);
    assertTrue(tokenString.contains("AttributeStatement"));
    assertTrue(tokenString.contains("alice"));
    assertTrue(tokenString.contains(SAML2Constants.CONF_BEARER));
}
Also used : CallbackHandler(javax.security.auth.callback.CallbackHandler) PasswordCallbackHandler(org.apache.cxf.sts.common.PasswordCallbackHandler) RequestSecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType) JAXBElement(javax.xml.bind.JAXBElement) Element(org.w3c.dom.Element) ArrayList(java.util.ArrayList) RequestSecurityTokenResponseType(org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType) StaticSTSProperties(org.apache.cxf.sts.StaticSTSProperties) RequestedSecurityTokenType(org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType) Document(org.w3c.dom.Document) CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal) TokenValidator(org.apache.cxf.sts.token.validator.TokenValidator) SAMLTokenValidator(org.apache.cxf.sts.token.validator.SAMLTokenValidator) SAMLTokenRenewer(org.apache.cxf.sts.token.renewer.SAMLTokenRenewer) PasswordCallbackHandler(org.apache.cxf.sts.common.PasswordCallbackHandler) TokenRenewer(org.apache.cxf.sts.token.renewer.TokenRenewer) SAMLTokenRenewer(org.apache.cxf.sts.token.renewer.SAMLTokenRenewer) JAXBElement(javax.xml.bind.JAXBElement) Crypto(org.apache.wss4j.common.crypto.Crypto) STSPropertiesMBean(org.apache.cxf.sts.STSPropertiesMBean) RenewTargetType(org.apache.cxf.ws.security.sts.provider.model.RenewTargetType) WrappedMessageContext(org.apache.cxf.jaxws.context.WrappedMessageContext) SecurityContext(org.apache.cxf.security.SecurityContext) SAMLTokenValidator(org.apache.cxf.sts.token.validator.SAMLTokenValidator) MessageImpl(org.apache.cxf.message.MessageImpl) CustomTokenPrincipal(org.apache.wss4j.common.principal.CustomTokenPrincipal) Principal(java.security.Principal)

Aggregations

RequestedSecurityTokenType (org.apache.cxf.ws.security.sts.provider.model.RequestedSecurityTokenType)65 RequestSecurityTokenResponseType (org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseType)63 JAXBElement (javax.xml.bind.JAXBElement)62 Element (org.w3c.dom.Element)61 RequestSecurityTokenType (org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenType)55 ArrayList (java.util.ArrayList)51 WrappedMessageContext (org.apache.cxf.jaxws.context.WrappedMessageContext)49 MessageImpl (org.apache.cxf.message.MessageImpl)49 STSPropertiesMBean (org.apache.cxf.sts.STSPropertiesMBean)49 Crypto (org.apache.wss4j.common.crypto.Crypto)49 PasswordCallbackHandler (org.apache.cxf.sts.common.PasswordCallbackHandler)48 TokenProvider (org.apache.cxf.sts.token.provider.TokenProvider)47 CustomTokenPrincipal (org.apache.wss4j.common.principal.CustomTokenPrincipal)46 StaticSTSProperties (org.apache.cxf.sts.StaticSTSProperties)42 SAMLTokenProvider (org.apache.cxf.sts.token.provider.SAMLTokenProvider)40 Principal (java.security.Principal)38 SecurityContext (org.apache.cxf.security.SecurityContext)38 ServiceMBean (org.apache.cxf.sts.service.ServiceMBean)34 StaticService (org.apache.cxf.sts.service.StaticService)34 RequestSecurityTokenResponseCollectionType (org.apache.cxf.ws.security.sts.provider.model.RequestSecurityTokenResponseCollectionType)32